CVE-2025-34392: Barracuda RMM < 2025.1.1 Service Center Absolute Path Traversal RCE
Published Dec 10, 2025
·Updated
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload.
Affected Software
2 affected components
Barracuda Service Center<2025.1.1
Barracuda RMM<2025.1.1
Event History
Dec 10, 2025
CVE Published
via MITRE·03:44 PM
Data Sourced
via MITRE·03:44 PM
DescriptionWeakness
Data Sourced
via NVD·04:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-34392?
CVE-2025-34392 is considered a high severity vulnerability due to the potential for remote code execution.
2
How do I fix CVE-2025-34392?
To fix CVE-2025-34392, upgrade to Barracuda Service Center version 2025.1.1 or later.
3
What exploitation techniques are relevant to CVE-2025-34392?
CVE-2025-34392 can be exploited through arbitrary file write and remote code execution via webshell upload.
4
Which versions of Barracuda Service Center are affected by CVE-2025-34392?
CVE-2025-34392 affects versions of Barracuda Service Center prior to 2025.1.1.
5
How can CVE-2025-34392 impact my system?
CVE-2025-34392 can lead to unauthorized remote access and control over the affected system.